CB App Control, running in High enforcement mode, protects servers by preventing the execution of software that is not explicitly approved. Per the Minimum Security Standards, it is required for all Moderate and High Risk systems. This document outlines the steps for enrolling and managing servers in CB App Control, with links to more detailed information.
- Prerequisites:
  - Install the Splunk Universal Forwarder.
  - Obtain a Privileged Access Workstation (PAW) to access the CB App Control admin console.
  - Request an account for the CB App Control admin console.
- Install CB App Control:
  - Either deploy via BigFix (BigFix for Servers is a prerequisite) or install from a package.
- Using your PAW, connect to the PAW VPN (IDG5540 or su-secops-vpn), open the admin console URL (https://bit9-r1.stanford.edu) in your browser, and change your password the first time you log in. The Chrome browser is recommended.
- Verify that the correct servers are showing in your CB App Control admin console.
- Set your servers initially to Visibility enforcement mode, then ultimately to High enforcement mode. For information about enforcement modes and changing between them, see CB App Control Enforcement Modes and Changing CB App Control Enforcement Modes.
- Regularly monitor the events produced by systems in High enforcement mode via the admin console and/or Splunk.